CN104239799A - Android application program privacy stealing detection method and system based on behavior chain - Google Patents

Android application program privacy stealing detection method and system based on behavior chain Download PDF

Info

Publication number
CN104239799A
CN104239799A CN201410453327.4A CN201410453327A CN104239799A CN 104239799 A CN104239799 A CN 104239799A CN 201410453327 A CN201410453327 A CN 201410453327A CN 104239799 A CN104239799 A CN 104239799A
Authority
CN
China
Prior art keywords
function
privacy
calling relationship
application program
android application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410453327.4A
Other languages
Chinese (zh)
Inventor
薛一波
王兆国
李城龙
张洛什
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tsinghua University
Original Assignee
Tsinghua University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tsinghua University filed Critical Tsinghua University
Priority to CN201410453327.4A priority Critical patent/CN104239799A/en
Publication of CN104239799A publication Critical patent/CN104239799A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention provides an Android application program privacy stealing detection method and system based on a behavior chain. The method comprises the following steps that reverse decompilation analysis is carried out on a target Android application program, and a function calling relationship is obtained; the function calling relationship is subjected to modeling, and a directional relationship matrix is built according to the function calling relationship subjected to the modeling; a preset model base is compared with the function calling relationship, and a privacy obtaining function and a privacy leakage function used by the target Android application are obtained; according to the directional relationship matrix, the reachability analysis result of the privacy stealing function and the privacy leakage function is obtained; the privacy stealing behavior chain is determined according to the reachability analysis result, and the suspected privacy stealing behavior is determined. The method has the advantages that all privacy leakage paths in all of the Android application programs can be automatically and fast detected in one step, and the detection efficiency is greatly improved.

Description

The Android application program privacy of Behavior-based control chain steals detection method and system
Technical field
The present invention relates to Android platform application software security technology area, the Android application program privacy particularly relating to a kind of Behavior-based control chain steals detection method and system.
Background technology
Android system is as a kind of operation system of smart phone of increasing income, attract a large amount of application developers, Android application program also obtains swift and violent development thereupon, but it is while bringing great convenience, has also caused the problem that ubiquitous privacy of user is stolen.
At present, the method for detecting privacy of user leaking data in prior art can be divided into two classes: Static Analysis Method and dynamic analysing method.Lacking contextual information association based on the analysis of authority in static detection method causes accuracy lower; And its analysis based on control flow check, data stream exists the problems such as privacy Xiang Buquan, algorithm complex are higher that detect, and need manually to participate in being difficult to robotization and realize.
Dynamic detection method performs based on program, and its advantage is that accuracy is higher, but shortcoming to be performance cost very large, there is wrong report in inapplicable in large scale, Android platform that renewal speed is fast, and cannot all execution routes in overlay program.
Summary of the invention
For defect of the prior art, the Android application program privacy that the invention provides a kind of Behavior-based control chain steals detection method and system, can all privacy compromise paths in robotization, rapidly disposable detection full Android application program, improve the efficiency of detection significantly.
First aspect, the Android application program privacy that the invention provides a kind of Behavior-based control chain steals detection method, comprising:
Reverse decompiling analysis is carried out to target Android application program, obtains function calling relationship;
By described function calling relationship modelling, be built with to relational matrix according to modeled function calling relationship;
Default model bank and described function calling relationship are compared, the privacy obtaining the use of described target Android application program obtains function and privacy leakage function;
According to described oriented relational matrix, obtain the approachability analysis result that described privacy steals function and described privacy leakage function;
According to approachability analysis result determination privacy taking and carring away chain, and determine the privacy taking and carring away be accused of in described target Android application program.
Alternatively, described reverse decompiling analysis is carried out to target Android application program, obtains function calling relationship, comprising:
Be Java source file by the Dex formatted file decompiling of target Android application program;
According to described Java source file, generate the function calling relationship file comprising function calling relationship, obtain described function calling relationship.
Alternatively, the described Dex formatted file decompiling by target Android application program is Java source file, is specially:
Open-Source Tools Dex2jar and Jad is used to be Java source file by the Dex formatted file decompiling of target Android application program;
Correspondingly, described according to described Java source file, generate the function calling relationship file comprising function calling relationship, obtain described function calling relationship, be specially:
According to described Java source file, use the androgexf instrument in Open-Source Tools Androguard to generate the function calling relationship file comprising function calling relationship, obtain described function calling relationship.
Alternatively, described by described function calling relationship modelling, be built with to relational matrix according to modeled function calling relationship, be specially:
Construct the digraph of described function calling relationship, described digraph G call=(V fu, E) represent, wherein, V fu={ Fu (1), Fu (2)..., Fu (n)be whole function sets that described target Android application program uses, E is unit matrix, Fu (n)for the function that described target Android application program uses, n is positive integer;
Construct the adjacency matrix of the digraph of described function calling relationship:
Wherein, Fu (i:j)for described function calling relationship, i ∈ n, j ∈ n.
Alternatively, described according to described oriented relational matrix, obtain the approachability analysis result that described privacy steals function and described privacy leakage function, be specially:
According to described oriented relational matrix, use Wxshall algorithm to obtain privacy in function calling relationship and steal the approachability analysis result of function and privacy leakage function.
Alternatively, described model bank comprises: privacy steals function term and symbol table, privacy leakage function term and symbol table;
Described privacy steals function term and symbol table comprises: the function of user privacy information and use thereof;
Described privacy leakage function term and symbol table comprise: user privacy information reveals the function set that process uses;
Described function calling relationship comprises: whole functions that described target Android application program uses.
Second aspect, the Android application program privacy that the invention provides a kind of Behavior-based control chain steals detection system, comprising:
Call relation acquisition module, for carrying out reverse decompiling analysis to target Android application program, obtains function calling relationship;
Matrix builds module, for by described function calling relationship modelling, is built with to relational matrix according to modeled function calling relationship;
Function acquisition module, for default model bank and described function calling relationship being compared, the privacy obtaining the use of described target Android application program obtains function and privacy leakage function;
Approachability analysis result acquisition module, for according to described oriented relational matrix, obtains the approachability analysis result that described privacy steals function and described privacy leakage function;
Determination module, for according to approachability analysis result determination privacy taking and carring away chain, and determines the privacy taking and carring away be accused of in described target Android application program.
Alternatively, described call relation acquisition module, comprising:
Decompiling unit, for being Java source file by the Dex formatted file decompiling of target Android application program;
Call relation acquiring unit, for according to described Java source file, generates the function calling relationship file comprising function calling relationship, obtains described function calling relationship.
Alternatively, described matrix builds module, comprising:
Digraph tectonic element, for constructing the digraph of described function calling relationship, described digraph G call=(V fu, E) represent, wherein, V fu={ Fu (1), Fu (2)..., Fu (n)be whole function sets that described target Android application program uses, E is unit matrix, Fu (n)for the function that described target Android application program uses, n is positive integer;
Adjacency matrix tectonic element, for constructing the adjacency matrix of the digraph of described function calling relationship:
Wherein, Fu (i:j)for described function calling relationship, i ∈ n, j ∈ n.
Alternatively, described approachability analysis result acquisition module, specifically for
According to described oriented relational matrix, use Wxshall algorithm to obtain privacy in function calling relationship and steal the approachability analysis result of function and privacy leakage function.
As shown from the above technical solution, the Android application program privacy of Behavior-based control chain of the present invention steals detection method and system, by carrying out reverse decompiling analysis to target Android application program, obtain function calling relationship, by function calling relationship modelling, be built with to relational matrix, default model bank function call relation is compared, obtain privacy and obtain function and privacy leakage function, according to oriented relational matrix, obtain the approachability analysis result that privacy steals function and privacy leakage function, according to approachability analysis result determination privacy taking and carring away chain, determine the privacy taking and carring away be accused of, thus, can robotization, all privacy compromise paths rapidly in disposable detection full Android application program, improve the efficiency of detection significantly.
Accompanying drawing explanation
The Android application program privacy of the Behavior-based control chain that Fig. 1 provides for one embodiment of the invention steals the schematic flow sheet of detection method;
The Android application program privacy of the Behavior-based control chain that Fig. 2 provides for one embodiment of the invention steals the structural representation of detection system.
Embodiment
For making the object of the embodiment of the present invention, technical scheme and advantage clearly, below in conjunction with the accompanying drawing in the embodiment of the present invention, clear, complete description is carried out to the technical scheme in the embodiment of the present invention, obviously, described embodiment is only the present invention's part embodiment, instead of whole embodiments.Based on embodiments of the invention, those of ordinary skill in the art, not making the every other embodiment obtained under creative work prerequisite, belong to the scope of protection of the invention.
The Android application program privacy that Fig. 1 shows the Behavior-based control chain that one embodiment of the invention provides steals the schematic flow sheet of detection method, and as shown in Figure 1, it is as described below that the Android application program privacy of the Behavior-based control chain of the present embodiment steals detection method.
101, reverse decompiling analysis is carried out to target Android application program, obtain function calling relationship.
In a particular application, step 101 can comprise not shown step 101a and 101b:
101a, be Java source file by the Dex formatted file decompiling of target Android application program.
For example, Open-Source Tools Dex2jar and Jad can be used to be Java source file by the Dex formatted file decompiling of target Android application program.
It should be noted that described Java source file is the Java source file of standard, other instruments also can be used to be Java source file by the Dex formatted file decompiling of target Android application program.The present embodiment does not limit it, is only and illustrates, can select according to actual needs.
101b, according to described Java source file, generate and comprise the function calling relationship file of function calling relationship, obtain described function calling relationship.
For example, according to described Java source file, the androgexf instrument in Open-Source Tools Androguard can be used to generate the function calling relationship file comprising function calling relationship, obtain described function calling relationship.
It should be noted that and other instruments also can be used to generate the function calling relationship file comprising function calling relationship.The present embodiment does not limit it, is only and illustrates, can select according to actual needs.
102, by described function calling relationship modelling, be built with to relational matrix according to modeled function calling relationship.
In a particular application, step 102 can comprise:
Construct the digraph of described function calling relationship, described digraph G call=(V fu, E) represent, wherein, V fu={ Fu (1), Fu (2)..., Fu (n)be whole function sets that described target Android application program uses, E is unit matrix, Fu (n)for the function that described target Android application program uses, n is positive integer;
Construct the adjacency matrix of the digraph of described function calling relationship:
Wherein, Fu (i:j)for described function calling relationship, i ∈ n, j ∈ n.
Will be understood that, in privacy taking and carring away chain detects, adjacency matrix is all permutation equivalence, therefore only needs an optional adjacency matrix as the adjacency matrix of function calling relationship digraph.
In order to reduce algorithm complex, improving real-time, reachability matrix can be converted into Boolean matrix, as follows:
If G call=(V fu, E) and be the simple digraph V on n rank fu={ Fu (1), Fu (2)..., Fu (n), definition matrix P=(P ij) n × n,
P is claimed to be figure G callreachability matrix.
103, default model bank and described function calling relationship are compared, the privacy obtaining the use of described target Android application program obtains function and privacy leakage function.
In a particular application, described model bank can comprise: privacy steals function term and symbol table (as following table 1), privacy leakage function term and symbol table (as following table 2); Described privacy steals function term and symbol table comprises: the function of user privacy information and use thereof; Described privacy leakage function term and symbol table comprise: user privacy information reveals the function set that process uses; Described function calling relationship comprises: whole functions that described target Android application program uses.
Will be understood that, the target that privacy information steals detection detects in Android application program whether obtain user privacy information (F (S)), the following user privacy information of main detection also obtains the function used: read associated person information, short message reading/MMS content, acquisition message registration, read account number cipher information, positional information etc., as shown in table 1.
Table 1 privacy steals function term and symbol
Will be understood that, it is the function set detecting the use of leakage of private information process that privacy leakage point detects, and mainly comprises the leakage modes such as Internet link, Wi-Fi bluetooth and short message, as shown in table 2.
Table 2 privacy leakage function term and symbol
104, according to described oriented relational matrix, the approachability analysis result that described privacy steals function and described privacy leakage function is obtained.
Preferably, according to described oriented relational matrix, Wxshall algorithm can be used to obtain privacy in function calling relationship and to steal the approachability analysis result of function and privacy leakage function.
Will be understood that, before the approachability analysis result using WxShall algorithm acquisition privacy acquisition function and privacy leakage function and other function node, in order to detection of malicious behavioral chain, for target Android application program, first should at the oriented relational matrix G of its n function call=(V fu, E) in all privacy of coupling obtain function and privacy leakage function, matching result is extracted and gathers L={l 1, l 2..., l m, wherein l mfor function label, and then WxShall algorithm is used to obtain the approachability analysis result of privacy acquisition function and privacy leakage function and other function node.
Will be understood that, WxShall algorithm is not obtain the unique method that privacy obtains the approachability analysis result of function and privacy leakage function, the method obtaining the approachability analysis result of privacy acquisition function and privacy leakage function has multiple, as Warshall algorithm etc., here do not repeat one by one, but WxShall algorithm obtains the optimal algorithm that privacy obtains the approachability analysis result of function and privacy leakage function.
105, according to approachability analysis result determination privacy taking and carring away chain, and the privacy taking and carring away be accused of in described target Android application program is determined.
Will be understood that, approachability analysis result can be regarded as, refer to easy degree from one place to another, the approachability analysis result of function and privacy leakage function and other function node is obtained by obtaining privacy, just can determine privacy taking and carring away chain according to approachability analysis result, and determine the privacy taking and carring away be accused of in described target Android application program.
The Android application program privacy of the Behavior-based control chain of the present embodiment steals detection method, by carrying out reverse decompiling analysis to target Android application program, obtain function calling relationship, by function calling relationship modelling, be built with to relational matrix, default model bank function call relation is compared, obtain privacy and obtain function and privacy leakage function, according to oriented relational matrix, obtain the approachability analysis result that privacy steals function and privacy leakage function, according to approachability analysis result determination privacy taking and carring away chain, determine the privacy taking and carring away be accused of, can robotization, all privacy compromise paths rapidly in disposable detection full Android application program, improve the efficiency of detection significantly.
In a particular application, step 104 obtains described privacy to steal the false code of the optimal algorithm-WxShall algorithm of the approachability analysis result of function and described privacy leakage function as follows.WxShall algorithm:
Input: the call relation file of n method.
Export: n × n ties up malicious act chain matrix P (S:T), wherein P ij=1 is Fu (i)to Fu (j)there is the directed path of non-zero.
Step1: build relational matrix.
Xmldoc=minidom.parse (" the oriented call relation file of function ")
G=zeros ((int (count), int (count))/* initialization n × n dimension space of matrices */
For node:=1 to n Do/* be built with to relational matrix */
x=int(node.getAttribute(″source″))
y=int(node.getAttribute(″target″))
G [y, x]=1/* exist call relation */
Step2: determine that privacy obtains function with privacy leakage function
Write_usedpath=open (" being loaded into privacy obtain function and reveal function library file ")
for?node?in?xmldoc.getElementsByTagName(″node″):
if?node.getAttribute(″label″).find(yuan[0])!=-1:
Step3:WxShall reachability matrix calculates
for?i:=l 1?to?l m?Do
forj:=1?to?n?Do
if(G[i,j]==1)
fork:=0?to?n?Do
if((G[j,k]:=l)&&G[i,k]:=0&&(k<j))
for?l:=1?to?n?Do
G[i,l]=G[i,l]or?G[k,l]
elseG[i,k]=G[i,k]or?G[j,k]
Step4: malicious act state BE: σ s → T → P=<F s, F t, P> judges
fori : = l S 1 to l l S&alpha; Do
forj : = l T 1 to l l T&beta; Do
fork:=0?to?n?DO
If(G[i,k]and?G[j,k])
Print F s+ F t+ P/* output matching result */
Will be understood that, this algorithm experimentally draws.
This algorithm can calculate the approachability analysis result that described privacy steals function and described privacy leakage function more expeditiously.For example, at typical condition, WxShall algorithm improves tens times than traditional Warshall efficiency of algorithm.
The Android application program privacy that Fig. 2 shows the Behavior-based control chain that one embodiment of the invention provides steals the structural representation of detection system, as shown in Figure 2, the Android application program privacy of the Behavior-based control chain of the present embodiment steals detection system, comprising: call relation acquisition module 21, matrix build module 22, function acquisition module 23, approachability analysis result acquisition module 24, determination module 25;
Call relation acquisition module 21, for carrying out reverse decompiling analysis to target Android application program, obtains function calling relationship;
Matrix builds module 22, for by described function calling relationship modelling, is built with to relational matrix according to modeled function calling relationship;
Function acquisition module 23, for default model bank and described function calling relationship being compared, the privacy obtaining the use of described target Android application program obtains function and privacy leakage function;
Approachability analysis result acquisition module 24, for according to described oriented relational matrix, obtains the approachability analysis result that described privacy steals function and described privacy leakage function;
Determination module 25, for according to approachability analysis result determination privacy taking and carring away chain, and determines the privacy taking and carring away be accused of in described target Android application program.
In a particular application, described model bank can comprise: privacy steals function term and symbol table, privacy leakage function term and symbol table;
Described privacy steals function term and symbol table comprises: the function of user privacy information and use thereof; Described user privacy information can comprise: read associated person information, short message reading/MMS content, obtain message registration, read account number cipher information, positional information etc.; Described privacy steals function term and symbol table as illustrated in the foregoing fig. 1 in embodiment of the method described in table 1, repeats no more herein;
Described privacy leakage function term and symbol table comprise: user privacy information reveals the function set that process uses; The function set that described user privacy information reveals process use can comprise: Internet link, Wi-Fi, bluetooth and short message etc.; Described privacy leakage function term and symbol table, as illustrated in the foregoing fig. 1 in embodiment of the method described in table 2, repeat no more herein.
In a particular application, described call relation acquisition module 21, can comprise not shown decompiling unit and call relation acquiring unit:
Decompiling unit, for being Java source file by the Dex formatted file decompiling of target Android application program;
Call relation acquiring unit, for according to described Java source file, generates the function calling relationship file comprising function calling relationship, obtains described function calling relationship.
In a particular application, described matrix builds module 22, can comprise not shown digraph tectonic element and adjacency matrix tectonic element:
Digraph tectonic element, for constructing the digraph of described function calling relationship, described digraph G call=(V fu, E) represent, wherein, V fu={ Fu (1), Fu (2)..., Fu (n)be whole function sets that described target Android application program uses, E is unit matrix, Fu (n)for the function that described target Android application program uses, n is positive integer;
Adjacency matrix tectonic element, for constructing the adjacency matrix of the digraph of described function calling relationship:
Wherein, Fu (i:j)for described function calling relationship, i ∈ n, j ∈ n.
In a particular application, described approachability analysis result acquisition module 24, specifically may be used for
According to described oriented relational matrix, use Wxshall algorithm to obtain privacy in function calling relationship and steal the approachability analysis result of function and privacy leakage function.
Will be understood that, before the approachability analysis result using WxShall algorithm acquisition privacy acquisition function and privacy leakage function and other function node, in order to detection of malicious behavioral chain, for target Android application program, first should at the oriented matrix G of its n function call=(V fu, E) in all privacy of coupling obtain function and privacy leakage function, matching result is extracted and gathers L={l 1, l 2..., l m, wherein l mfor function label, and then WxShall algorithm is used to obtain the approachability analysis result of privacy acquisition function and privacy leakage function and other function node.
Will be understood that, WxShall algorithm is not obtain the unique method that privacy obtains the approachability analysis result of function and privacy leakage function, the method obtaining the approachability analysis result of privacy acquisition function and privacy leakage function has multiple, do not repeat one by one, but WxShall algorithm obtains the optimal algorithm that privacy obtains the approachability analysis result of function and privacy leakage function herein.
Particularly, the false code of WxShall algorithm, as illustrated in the foregoing fig. 1 described in embodiment of the method, repeats no more herein.
The Android application program privacy of the Behavior-based control chain of the present embodiment steals detection system, can all privacy compromise paths in robotization, rapidly disposable detection full Android application program, improves the efficiency of detection significantly.
The Android application program privacy of the Behavior-based control chain of the present embodiment steals detection system, and may be used for the technical scheme performing embodiment of the method shown in earlier figures 1, it realizes principle and technique effect is similar, repeats no more herein.
One of ordinary skill in the art will appreciate that: all or part of step realizing above-mentioned each embodiment of the method can have been come by the hardware that programmed instruction is relevant.Aforesaid program can be stored in a computer read/write memory medium.This program, when performing, performs the step comprising above-mentioned each embodiment of the method; And aforesaid storage medium comprises: ROM, RAM, magnetic disc or CD etc. various can be program code stored medium.
Last it is noted that above each embodiment is only in order to illustrate technical scheme of the present invention, be not intended to limit; Although with reference to foregoing embodiments to invention has been detailed description, those of ordinary skill in the art is to be understood that: it still can be modified to the technical scheme described in foregoing embodiments, or carries out equivalent replacement to wherein some or all of technical characteristic; And these amendments or replacement, do not make the essence of appropriate technical solution depart from the scope of the claims in the present invention.

Claims (10)

1. the Android application program privacy of Behavior-based control chain steals a detection method, it is characterized in that, comprising:
Reverse decompiling analysis is carried out to target Android application program, obtains function calling relationship;
By described function calling relationship modelling, be built with to relational matrix according to modeled function calling relationship;
Default model bank and described function calling relationship are compared, the privacy obtaining the use of described target Android application program obtains function and privacy leakage function;
According to described oriented relational matrix, obtain the approachability analysis result that described privacy steals function and described privacy leakage function;
According to approachability analysis result determination privacy taking and carring away chain, and determine the privacy taking and carring away be accused of in described target Android application program.
2. method according to claim 1, is characterized in that, describedly carries out reverse decompiling analysis to target Android application program, obtains function calling relationship, comprising:
Be Java source file by the Dex formatted file decompiling of target Android application program;
According to described Java source file, generate the function calling relationship file comprising function calling relationship, obtain described function calling relationship.
3. method according to claim 2, is characterized in that, the described Dex formatted file decompiling by target Android application program is Java source file, is specially:
Open-Source Tools Dex2jar and Jad is used to be Java source file by the Dex formatted file decompiling of target Android application program;
Correspondingly, described according to described Java source file, generate the function calling relationship file comprising function calling relationship, obtain described function calling relationship, be specially:
According to described Java source file, use the androgexf instrument in Open-Source Tools Androguard to generate the function calling relationship file comprising function calling relationship, obtain described function calling relationship.
4. method according to claim 1, is characterized in that, described by described function calling relationship modelling, is built with to relational matrix, is specially according to modeled function calling relationship:
Construct the digraph of described function calling relationship, described digraph G call=(V fu, E) represent, wherein, V fu={ Fu (1), Fu (2)..., Fu (n)be whole function sets that described target Android application program uses, E is unit matrix, Fu (n)for the function that described target Android application program uses, n is positive integer;
Construct the adjacency matrix of the digraph of described function calling relationship:
Wherein, Fu (i:j)for described function calling relationship, i ∈ n, j ∈ n.
5. method according to claim 1, is characterized in that, described according to described oriented relational matrix, obtains the approachability analysis result that described privacy steals function and described privacy leakage function, is specially:
According to described oriented relational matrix, use Wxshall algorithm to obtain privacy in function calling relationship and steal the approachability analysis result of function and privacy leakage function.
6. method according to claim 1, is characterized in that, described model bank comprises: privacy steals function term and symbol table, privacy leakage function term and symbol table;
Described privacy steals function term and symbol table comprises: the function of user privacy information and use thereof;
Described privacy leakage function term and symbol table comprise: user privacy information reveals the function set that process uses;
Described function calling relationship comprises: whole functions that described target Android application program uses.
7. the Android application program privacy of Behavior-based control chain steals a detection system, it is characterized in that, comprising:
Call relation acquisition module, for carrying out reverse decompiling analysis to target Android application program, obtains function calling relationship;
Matrix builds module, for by described function calling relationship modelling, is built with to relational matrix according to modeled function calling relationship;
Function acquisition module, for default model bank and described function calling relationship being compared, the privacy obtaining the use of described target Android application program obtains function and privacy leakage function;
Approachability analysis result acquisition module, for according to described oriented relational matrix, obtains the approachability analysis result that described privacy steals function and described privacy leakage function;
Determination module, for according to approachability analysis result determination privacy taking and carring away chain, and determines the privacy taking and carring away be accused of in described target Android application program.
8. system according to claim 7, is characterized in that, described call relation acquisition module, comprising:
Decompiling unit, for being Java source file by the Dex formatted file decompiling of target Android application program;
Call relation acquiring unit, for according to described Java source file, generates the function calling relationship file comprising function calling relationship, obtains described function calling relationship.
9. system according to claim 7, is characterized in that, described matrix builds module, comprising:
Digraph tectonic element, for constructing the digraph of described function calling relationship, described digraph G call=(V fu, E) represent, wherein, V fu={ Fu (1), Fu (2)..., Fu (n)be whole function sets that described target Android application program uses, E is unit matrix, Fu (n)for the function that described target Android application program uses, n is positive integer;
Adjacency matrix tectonic element, for constructing the adjacency matrix of the digraph of described function calling relationship:
Wherein, Fu (i:j)for described function calling relationship, i ∈ n, j ∈ n.
10. system according to claim 7, is characterized in that, described approachability analysis result acquisition module, specifically for
According to described oriented relational matrix, use Wxshall algorithm to obtain privacy in function calling relationship and steal the approachability analysis result of function and privacy leakage function.
CN201410453327.4A 2014-09-05 2014-09-05 Android application program privacy stealing detection method and system based on behavior chain Pending CN104239799A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410453327.4A CN104239799A (en) 2014-09-05 2014-09-05 Android application program privacy stealing detection method and system based on behavior chain

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410453327.4A CN104239799A (en) 2014-09-05 2014-09-05 Android application program privacy stealing detection method and system based on behavior chain

Publications (1)

Publication Number Publication Date
CN104239799A true CN104239799A (en) 2014-12-24

Family

ID=52227841

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410453327.4A Pending CN104239799A (en) 2014-09-05 2014-09-05 Android application program privacy stealing detection method and system based on behavior chain

Country Status (1)

Country Link
CN (1) CN104239799A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106528399A (en) * 2015-09-15 2017-03-22 腾讯科技(深圳)有限公司 Test case determination method and apparatus
CN110019982A (en) * 2017-12-05 2019-07-16 航天信息股份有限公司 The determination method and device of node coordinate
CN110727952A (en) * 2019-08-30 2020-01-24 国家计算机网络与信息安全管理中心 Privacy collection and identification method for third-party library of mobile application program
CN110990878A (en) * 2019-12-13 2020-04-10 支付宝(杭州)信息技术有限公司 Construction method of private data derivative graph
CN111190603A (en) * 2019-12-18 2020-05-22 腾讯科技(深圳)有限公司 Private data detection method and device and computer readable storage medium
CN112632551A (en) * 2021-03-11 2021-04-09 北京邮电大学 Third-party library information leakage detection method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102737190A (en) * 2012-07-04 2012-10-17 复旦大学 Detection method for information leakage hidden trouble in Android application log based on static state analysis
CN103473509A (en) * 2013-09-30 2013-12-25 清华大学 Android platform malware automatic detecting method
CN103577324A (en) * 2013-10-30 2014-02-12 北京邮电大学 Static detection method for privacy information disclosure in mobile applications

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102737190A (en) * 2012-07-04 2012-10-17 复旦大学 Detection method for information leakage hidden trouble in Android application log based on static state analysis
CN103473509A (en) * 2013-09-30 2013-12-25 清华大学 Android platform malware automatic detecting method
CN103577324A (en) * 2013-10-30 2014-02-12 北京邮电大学 Static detection method for privacy information disclosure in mobile applications

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
于鹏洋等: "Android应用隐私泄露静态代码分析", 《软件工程》 *
刘任任等: "基于求传递闭包的Warshall算法的改进", 《计算机工程》 *
叶红: "可达矩阵的Warshall算法实现", 《安徽大学学报(自然科学版)》 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106528399A (en) * 2015-09-15 2017-03-22 腾讯科技(深圳)有限公司 Test case determination method and apparatus
CN110019982A (en) * 2017-12-05 2019-07-16 航天信息股份有限公司 The determination method and device of node coordinate
CN110019982B (en) * 2017-12-05 2021-07-06 航天信息股份有限公司 Node coordinate determination method and device
CN110727952A (en) * 2019-08-30 2020-01-24 国家计算机网络与信息安全管理中心 Privacy collection and identification method for third-party library of mobile application program
CN110990878A (en) * 2019-12-13 2020-04-10 支付宝(杭州)信息技术有限公司 Construction method of private data derivative graph
CN110990878B (en) * 2019-12-13 2021-09-28 支付宝(杭州)信息技术有限公司 Construction method of private data derivative graph
CN111190603A (en) * 2019-12-18 2020-05-22 腾讯科技(深圳)有限公司 Private data detection method and device and computer readable storage medium
CN111190603B (en) * 2019-12-18 2021-07-06 腾讯科技(深圳)有限公司 Private data detection method and device and computer readable storage medium
CN112632551A (en) * 2021-03-11 2021-04-09 北京邮电大学 Third-party library information leakage detection method and device
CN112632551B (en) * 2021-03-11 2021-09-28 北京邮电大学 Third-party library information leakage detection method and device

Similar Documents

Publication Publication Date Title
CN104239799A (en) Android application program privacy stealing detection method and system based on behavior chain
CN105022957B (en) Method for detecting malicious program on demand and electronic device thereof
CN102402479B (en) For the intermediate representation structure of static analysis
TWI541669B (en) Detection systems and methods for static detection applications, and computer program products
Allix et al. Large-scale machine learning-based malware detection: confronting the" 10-fold cross validation" scheme with reality
CN104657634A (en) Method and device for identifying pirate application
Al-E’mari et al. A labeled transactions-based dataset on the ethereum network
CN105760761A (en) Software behavior analyzing method and device
CN108399321B (en) Software local plagiarism detection method based on dynamic instruction dependence graph birthmark
Li et al. Large-scale third-party library detection in android markets
CN113268243A (en) Memory prediction method and device, storage medium and electronic equipment
CN106844219B (en) Application detection method and application detection device
CN105825084B (en) Method for carrying out matching detection to the object with image
CN116932381A (en) Automatic evaluation method for security risk of applet and related equipment
KR101324691B1 (en) System and method for detecting malicious mobile applications
CN104021073A (en) Software vulnerability detection method based on pointer analysis
Lee et al. Camp2Vec: Embedding cyber campaign with ATT&CK framework for attack group analysis
CN103971055B (en) A kind of Android malware detection method based on program slicing technique
CN107408031A (en) Use the system and method for the generation random number of physical change present in material sample
Wang et al. Large language model supply chain: A research agenda
CN109241706B (en) Software plagiarism detection method based on static birthmarks
CN108875374B (en) Malicious PDF detection method and device based on document node type
CN117375792A (en) Method and device for detecting side channel
Ban et al. A Survey on IoT Vulnerability Discovery
CN114792006B (en) LSTM-based android cross-application collusion security analysis method and system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20141224

RJ01 Rejection of invention patent application after publication